QUESTION 21After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

A. Go to the location the rogue device is indicated to be and disable the power.B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.C. Classify the rogue as malicious in Cisco Prime.D. Update the status of the rogue in Cisco Prime to contained.

Answer: C

QUESTION 22An engineer has determined that the source of an authentication issue is the client laptop.Which three items must be verified for EAP-TLS authentication? (Choose three.)

A. The client certificate is formatted as X 509 version 3B. The validate server certificate option is disabled.C. The client certificate has a valid expiration date.D. The user account is the same in the certificate.E. The supplicant is configured correctly.F. The subject key identifier is configured correctly.

Answer: ADF

QUESTION 23Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.)

QUESTION 25An engineer is considering an MDM integration with Cisco ISE to assist with security for lost devices. Which two functions of MDM increase security for lost devices that access data from the network? (Choose two.)

QUESTION 27Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.)

A. Roaming with only 802.1x authentication requires full reauthentication.B. Full reauthentication introduces gaps in a voice conversation.C. Roaming occurs when e phone has seen at least four APs.D. Roaming occurs when the phone has reached -80 dBs or below.

QUESTION 29An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X- enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?

QUESTION 30An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must be met to be able to enter this command? (Choose two.)

A. The anchor controller IP address must be within the management interface subnet.B. The anchor controller must be in the same mobility group.C. The WLAN must be enabled.D. The mobility group keepalive must be configured.E. The indicated WLAN ID must be present on the controller.